Hello everyone,
I am currently working in a specific network environment where, due to network restrictions, I plan to transmit Windows event logs to Elastic-Agent via UDP.
The specific data flow is as follows: Windows Event Log -> UDP -> Elastic-Agent (Custom UDP Logs integration) -> Logstash.
Currently, I am using the Custom UDP Logs integration of Elastic-Agent, with an Ingest Pipeline set as logs-winlog.winlog-1.20.0.
I would like to inquire whether this architecture and Ingest Pipeline configuration can automatically parse the fields of Windows event logs in Elasticsearch?
If anyone has similar experience or suggested configuration methods, I hope you can share them. Thanks!